WGU C845 VUN1 Task 1| Passed on First Attempt |Latest Update with Complete Solution

WGU C845 VUN1 Task 1| Passed on First
Attempt |Latest Update with Complete Solution


A. Apply an Access Control Model d d d d




A.1. Chosen Access Control Model d d d




I have chosen the Role-Based Access Control (RBAC) model. The principles of RBAC are:
d d d d d d d d d d d d d




• Role Assignment: A user is assigned to a role based on their job function (e.g., "Finance
d d d d d d d d d d d d d d d




Analyst").
d




• Permission Assignment: Permissions to perform operations on systems are assigned to roles, not
d d d d d d d d d d d d




to individual users.
d d d




• Session Management: A user activates a role to gain the associated permissions for a session.
d d d d d d d d d d d d d d




• Least Privilege: Users should only have the minimum level of access necessary to perform their job
d d d d d d d d d d d d d d d




duties.
d




The organization's access control structure, as seen in the user matrix, is implicitly role-based (e.g., "Finance
d d d d d d d d d d d d d d d




manager," "HR coordinator"). Applying a formal RBAC model would streamline this by ensuring permissions
d d d d d d d d d d d d d d




are strictly tied to business functions, reducing complexity and the potential for user error when assigning
d d d d d d d d d d d d d d d d




permissions.
d




A.2. FourMisalignments with RBAC Principles d d d d




1. Misalignment 1: Privilege Escalation Beyond Role Scope d d d d d d




• Description: The "Junior system admin" (J. Lopez) has "Domain admin" privileges. A d d d d d d d d d d d




junior role should not have the highest level of access in a Windows environment.
d d d d d d d d d d d d d d




• Conflict with RBAC: This violates the principle of least privilege. The role "Junior system
d d d d d d d d d d d d d




admin" implies a subset of administrative duties, not unrestricted domain-wide control.
d d d d d d d d d d d




2. Misalignment 2: Unnecessary Access Across Departments d d d d d




• Description: The "Finance analyst" (L. Cheng) has "Full access" to the CRM, a system d d d d d d d d d d d d d




primarily for Sales and Support. A finance role typically does not require full modification
d d d d d d d d d d d d d d




rights in a customer relationship system.
d d d d d d




• Conflict with RBAC: This violates least privilege and separation of duties. It allows for
d d d d d d d d d d d d d




potential data manipulation outside the user's core business function.
d d d d d d d d d




3. Misalignment 3: Violation of User-Role Assignment Post-Termination d d d d d d




• Description: The "HR assistant" (P. Ellis), who was terminated on 2025-05-20, has an d d d d d d d d d d d d




"Active" account status and successfully logged in on 2025-06-29.
d d d d d d d d d




• Conflict with RBAC: RBAC requires timely revocation of role assignments upon a change in
d d d d d d d d d d d d d




employment status. An active session for a terminated user completely bypasses the
d d d d d d d d d d d d




security provided by the role structure.
d d d d d d




4. Misalignment 4: Overly Broad Privileged Access d d d d d




• Description: The "IT administrator" (T. Miller) has "Full admin" access to "All internal d d d d d d d d d d d d




systems," and the log shows they made a firewall rule change without a ticket_id.
d d d d d d d d d d d d d d




This study source was downloaded by 1524368 from cliffsnotes.com on 12-24-2025 11:53:06 GMT -06:00
d d d d d d d d d d d d d




https://www.cliffsnotes.com//study-notes/29344346

, • Conflict with RBAC: While some access is necessary, blanket "Full admin" access
d d d d d d d d d d d




violates least privilege and impedes accountability. It does not segment duties within the IT
d d d d d d d d d d d d d




department itself.
d d




This study source was downloaded by 1524368 from cliffsnotes.com on 12-24-2025 11:53:06 GMT -06:00
d d d d d d d d d d d d d




https://www.cliffsnotes.com//study-notes/29344346